Cyber-security: How safe is your organisation?

Cyber security was thrust into the spotlight when a ransomware attack on an NHS IT provider threatened to disrupt digital services such as patient check-ins and NHS 111.

A ransomware attack is where hackers take control of IT systems to steal data and demand payment from their victims to recover it.

The firm at the centre of the attack refused to confirm whether it had negotiated with the hackers or paid a ransom. However, it did indicate it would take up to four weeks to recover.

The incident is a clear example of the potential damage and chaos that a cyber-attack can inflict and highlights the importance of cyber security.

THIS – at the vanguard of cyber security

The Health Informatics Service (THIS) is at the vanguard of cyber security for its host trust, the Calderdale and Huddersfield NHS Foundation Trust (CHFT), and 59 clients across the healthcare sector.

Its Cyber Security Team helps to protect approximately 15,000 devices used by 19,000 people working within CHFT and a spectrum of clients ranging from prison healthcare service providers to GPs’ surgeries.

THIS is the only NHS informatics service to hold three ISO standards relating to cyber security and data protection: ISO 27001 Information Security Management, 9001 Cyber Management and 20000-1 Information Technology Service Management. It is compliant with the NHS Digital/NHS England Data Security and Protection Toolkit (DSPT) and its cyber security training is NHS Digital/NHS England mandated.

In one two-month period, CHFT was the target of 46,600 phishing emails and 34,600 spam emails that resulted in 1,658 malicious websites being blocked, and the thwarting of 1,432 malware attacks.

Building up a security posture

How much protection a healthcare organisation requires depends on the amount and type of data it handles, particularly if it includes patient data. 

Paul Glover, of THIS’ Cyber Security Team, recommends the National Cyber Security Centre (NCSC) 10 steps to cyber security as a good starting point. It includes advice on the management of risks, assets, vulnerability, identity and systems access, training and data security.

He says: “Acquiring a good security posture doesn't mean your organisation is completely impenetrable from a cyber-attack. It means the impact is likely to be less than if you'd done nothing.

“The other part of the equation is understanding that if, or when, you are attacked, what will your response be? How are you going to keep running your organisation while it’s suffering from a cyber-attack?”

Back-up plan and incident response

Malware is evolving constantly. Paul Glover likens it to different variants of a virus and how symptoms can change with different mutations.

He says: “What the virus creators do now is create it so that it changes every time it infects a PC. We use next generation antivirus software that looks at the behaviours of the malware instead of looking at the signature.

“Modern antivirus firewalls, intrusion prevention systems, antivirus web security and email security help us to stay ahead of the game.”

Backing up data is an important step to keep it safe, as is having an incident response strategy to be as well prepared as possible.

Recognising the threat and where it comes from…

A common perception of a cyber security attack is one of hackers breaking through firewalls. But sometimes the threat can come from close to home.

Paul Glover: “There is a threat that comes from inside an organisation. NHS staff have access to some critical information. Someone could sell data or leak it to the internet. But it can happen unwittingly. Social engineering (the term used for a range of malicious activities that trick system users into making security mistakes or giving away sensitive information) is another big risk.”

Providing protection against cyber sabotage

You can read our in-depth Cyber-security: How safe is your organisation white paper here or if you’d like to discuss your requirements, contact us here.
